diff --git a/core/config.py b/core/config.py
index 3d7b919..dda43aa 100644
--- a/core/config.py
+++ b/core/config.py
@@ -175,6 +175,12 @@ class DatabaseConfig:
         return CoreConfig.get_config_field(
             self.__config, "core", "database", "protocol", default="mysql"
         )
+        
+    @property
+    def ssl_enabled(self) -> str:
+        return CoreConfig.get_config_field(
+            self.__config, "core", "database", "ssl_enabled", default=False
+        )
 
     @property
     def sha2_password(self) -> bool:
diff --git a/core/data/database.py b/core/data/database.py
index bd6c4f2..b4f3cc0 100644
--- a/core/data/database.py
+++ b/core/data/database.py
@@ -27,9 +27,9 @@ class Data:
 
         if self.config.database.sha2_password:
             passwd = sha256(self.config.database.password.encode()).digest()
-            self.__url = f"{self.config.database.protocol}://{self.config.database.username}:{passwd.hex()}@{self.config.database.host}:{self.config.database.port}/{self.config.database.name}?charset=utf8mb4"
+            self.__url = f"{self.config.database.protocol}://{self.config.database.username}:{passwd.hex()}@{self.config.database.host}:{self.config.database.port}/{self.config.database.name}?charset=utf8mb4&ssl={str(self.config.database.ssl_enabled).lower()}"
         else:
-            self.__url = f"{self.config.database.protocol}://{self.config.database.username}:{self.config.database.password}@{self.config.database.host}:{self.config.database.port}/{self.config.database.name}?charset=utf8mb4"
+            self.__url = f"{self.config.database.protocol}://{self.config.database.username}:{self.config.database.password}@{self.config.database.host}:{self.config.database.port}/{self.config.database.name}?charset=utf8mb4&ssl={str(self.config.database.ssl_enabled).lower()}"
 
         if Data.engine is None:
             Data.engine = create_engine(self.__url, pool_recycle=3600)
diff --git a/docs/config.md b/docs/config.md
index 8a482e3..f85e8e7 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -26,6 +26,7 @@
 - `name`: Name of the database the server should expect. Default `aime`
 - `port`: Port the database server is listening on. Default `3306`
 - `protocol`: Protocol used in the connection string, e.i `mysql` would result in `mysql://...`. Default `mysql`
+- `ssl_enabled`: Enforce SSL to be used in the connection string. Default `False`
 - `sha2_password`: Whether or not the password in the connection string should be hashed via SHA2. Default `False`
 - `loglevel`: Logging level for the database. Default `info`
 - `memcached_host`: Host of the memcached server. Default `localhost`
diff --git a/example_config/core.yaml b/example_config/core.yaml
index daf18fc..0f047f0 100644
--- a/example_config/core.yaml
+++ b/example_config/core.yaml
@@ -27,6 +27,7 @@ database:
   name: "aime"
   port: 3306
   protocol: "mysql"
+  ssl_enabled: False
   sha2_password: False
   loglevel: "info"
   enable_memcached: True